Debenhams Flowers data breach hits 26,000

Image caption: The separate Debenhams.com website was not affected, the firm says

Retailer Debenhams has said that up to 26,000 customers of its Flowers website have had their personal data compromised following a cyber-attack.

Payment details, names and addresses were potentially taken during the incident, which targeted Ecomnova, a third party e-commerce company.

Debenhams said it has contacted customers whose data was accessed.

Customers of Debenhams.com, a separate website, have not been affected, the company added.

The attack took place between 24 February and 11 April and the Debenhams Flowers website is currently offline.

“Our communication to affected customers includes detailing steps that we have taken and steps that those customers should take,” Debenhams said in a statement.

A spokeswoman told the BBC that emails have been sent to just under 26,000 customers and that this will be followed up with a letter in the post.

“As soon as we were informed that there had been a cyber-attack, we suspended the Debenhams Flowers website and commenced a full investigation,” said Debenhams chief executive Sergio Bucher in a statement.

“We are very sorry that customers have been affected by this incident and we are doing everything we can to provide advice to affected customers and reduce their risk.”

The Information Commissioner’s Office (ICO) has been informed of the incident.

Article source: http://www.bbc.co.uk/news/technology-39818436

Investigatory Powers: ‘Real-time surveillance’ in draft update

Image caption: One legal expert thinks the draft regulations could pave the way for near real-time surveillance of online chat conversations

The “live” surveillance of British web users’ internet communications has been proposed in a draft technical paper prepared by the government.

If made law, such access would occur via the Investigatory Powers (IP) Act, which includes provisions for the removal of encryption on content.

The paper was allegedly leaked to civil liberties body the Open Rights Group, which received the document on 4 May.

The Home Office denied there was anything new in the consultation.

Phone companies and internet service providers would be asked to provide “data in near real time” within one working day, according to one clause in the technical capabilities paper.

Such access would need to be sanctioned by secretaries of state and a judge appointed by the prime minister.

The paper also echoes the IP Act itself, noting that tech companies would be required to remove – or enable the removal – of encryption from communications as they would need to be provided “in an intelligible form” without “electronic protection”.

Cryptographers often describe such access as a “backdoor” in the security of communications services.

The idea is controversial because some argue it could be exploited by hackers, endangering innocent users.

Under the terms of the Investigatory Powers Act, telecoms firms would have to carry out the requirements of any notices to these effects in secret, so the public would be unaware that such access had been given.

Simultaneous surveillance could occur in bulk, but be limited to one in every 10,000 users of a given service – a maximum of roughly 900 of BT’s 9 million British broadband customers, for instance.

A consultation about the paper – due to end on 19 May – is allegedly under way at the moment, though this was not publicly announced by the government.

It does not have a legal obligation to notify the public about draft regulations, which would have to be passed by both Houses of Parliament in order to become law.

However, the paper suggests that the regulations have already been seen by the UK’s Technical Advisory Board.

A BT spokesman confirmed the company had received “a copy of draft regulations, to be made under the Investigatory Powers Act 2016, in relation to technical capability notices” – but did not comment further.

‘Security risk’

“The public has a right to know about government powers that could put their privacy and security at risk,” said Jim Killock, executive director of the Open Rights Group, explaining the decision to publish the document.

“It seems very clear that the Home Office intends to use these to remove end-to-end encryption – or more accurately to require tech companies to remove it,” said Dr Cian Murphy, a legal expert at the University of Bristol who has criticised the scope of the IP act.

“I do read the regulations as the Home Office wanting to be able to have near real-time access to web chat and other forms of communication,” he told the BBC.

Media caption: Amber Rudd in March: “Intelligence services need to be able to get into encrypted services like WhatsApp”

Home Secretary Amber Rudd has previously argued that the Investigatory Powers Act is necessary to curb “new opportunities for terrorists” afforded by the internet.

In March, Ms Rudd’s comments that encrypted messaging services like WhatsApp should not be places “for terrorists to hide” caused much debate.

Surveillance of some mobile phone user data in “as near real-time as possible” has already been available to law enforcement authorities for many years, noted Dr Steven Murdoch at University College London.

The UK’s Internet Service Providers’ Association (Ispa), which represents BT, Sky, Virgin Media, TalkTalk and others, said it would be “consulting its members and submitting a response to the draft regulations”.

Article source: http://www.bbc.co.uk/news/technology-39817300

Nasa runs competition to help make old Fortran code faster

Image caption: Nasa develops designs on computer long before the craft take to the air

Nasa is seeking help from coders to speed up the software it uses to design experimental aircraft.

It is running a competition that will share $55,000 (£42,000) between the top two people who can make its FUN3D software run up to 10,000 times faster.

The FUN3D code is used to model how air flows around simulated aircraft in a supercomputer.

The software was developed in the 1980s and is written in an older computer programming language called Fortran.

“This is the ultimate ‘geek’ dream assignment,” said Doug Rohn, head of Nasa’s transformative aeronautics concepts program that makes heavy use of the FUN3D code.

In a statement, Mr Rohn said the software is used on the agency’s Pleiades supercomputer to test early designs of futuristic aircraft.

The software suite tests them using computational fluid dynamics, which makes heavy use of complicated mathematical formulae and data structures to see how well the designs work.

Bottlenecks

Once designs are proved on the supercomputer, scale models are tested in wind tunnels and then finally experimental craft undergo real world testing.

Significant improvements could be gained just by simplifying a heavily used sub-routine so it runs a few milliseconds faster, said Nasa on the webpage describing the competition. If the routine is called millions of times during a simulation this could “significantly” trim testing times, it added.

Nasa said it would provide copies of the code to anyone taking part so they can analyse it, find bottlenecks and suggest modifications that could speed it up. Nasa is looking for the code to run at least 10 times faster but would like it quickened by thousands of times, if possible.

Any changes to FUN3D must not make it less accurate, said Nasa.

The sensitive nature of the code means the competition is only open to US citizens who are over 18.

Article source: http://www.bbc.co.uk/news/technology-39803425

‘Unlock iPhone’, says judge in US sextortion case

Image caption: Reality TV star Hencha Voigt is accused of extorting Julieanna Goddard

A Florida judge has ruled that two defendants in a sextortion case must hand over the passwords to their mobile phones so officials can search them.

Reality TV star Hencha Voigt and former boyfriend, Wesley Victor, are accused of threatening to release explicit images of social media star Julieanna Goddard unless she paid a ransom.

The defendants said the ruling broke their constitutional rights.

But Miami-Dade Circuit Judge Charles Johnson said he was following the law.

“For me, this is like turning over a key to a safety deposit box,” he said on Wednesday.

Prosecutors allege that Ms Voigt and Mr Victor told Ms Goddard to pay them $18,000 (£14,000) within 24 hours, or they would release X-rated videos and photos of her.

Ms Goddard, a party promoter and socialite, is a big name on social media where she goes by the name “YesJulz”.

Ms Voigt is a model and Instagram star who appeared in WAGS Miami, a reality TV show about the wives and girlfriends of sports figures.

Police arrested the defendants last July and seized their phones, having intercepted text messages allegedly sent to Ms Goddard.

But they have been unable to bypass the passwords for Ms Voigt’s iPhone and Mr Victor’s BlackBerry to search for more evidence.

As a result, prosecutors formally asked the court to order the defendants to reveal their passwords.

Image caption: Ms Goddard, a party promoter and socialite, is a big name on social media

Lawyers for the defendants said this would violate the Fifth Amendment – the part of US law that means people cannot be forced to incriminate themselves.

But prosecutors cited a December court decision that allowed Florida police to force a suspected voyeur to give up his iPhone password.

On Wednesday, Judge Johnson ruled that he had no choice but to follow precedent. “That’s the law in Florida at this point,” he said.

Ms Voigt and Mr Victor have two weeks to comply with the order, or they could be jailed for contempt of court.

They have both pleaded not guilty to charges of extortion, conspiracy to commit extortion and unlawful use of a communication device.

The issue of whether authorities should have the right to access defendants’ phones has sparked controversy recently.

Last year, the US Department of Justice ordered Apple to help unlock the phone used by San Bernardino gunman Rizwan Farook. But Apple fought the order, saying it would set a “dangerous precedent”.

An apparent reported spike in demands by border officials to search visitors’ phones when they arrive in the US also made headlines.

Department of Homeland Security data analysed by NBC News found that agents looked through almost 25,000 phones in 2016.

Article source: http://www.bbc.co.uk/news/technology-39804358

Google Docs users hit by phishing scam

Google says it has stopped a phishing email that reached about a million of its users.

The scam claimed to come from Google Docs – a service that allows people to share and edit documents online.

Users who clicked a link and followed instructions risked giving the hackers access to their email accounts.

Google said it had stopped the attack “within approximately one hour”, including through “removing fake pages and applications”.

“While contact information was accessed and used by the campaign, our investigations show that no other data was exposed,” Google said in an updated statement.

“There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

During the attack, users were sent a deceptive invitation to edit a Google Doc, with a subject line stating a contact “has shared a document on Google Docs with you”.

The email address hhhhhhhhhhhhhhhh@mailinator[.]com was also copied in to the message; Mailinator, a free email service provider, has denied any involvement.

If users clicked on the “Open in Docs” button in the email, they were then taken to a real Google-hosted page and asked to allow a seemingly real service, called “Google Docs”, to access their email account data.

Image caption: Victims of the scam were asked to let a seemingly real service called “Google Docs” access their account data.

By granting permission, users unwittingly allowed hackers to potentially access their email account, contacts and online documents.

The malware then e-mailed everyone in the victim’s contacts list in order to spread itself.

“This is a very serious situation for anybody who is infected because the victims have their accounts controlled by a malicious party,” Justin Cappos, a cyber security professor at NYU, told Reuters.

‘Too widespread’

According to PC World magazine, the scam was more sophisticated than typical phishing attacks, in which scammers trick people into handing over their personal information by posing as a reputable company.

This is because the hackers bypassed the need to steal people’s login credentials and instead built a third-party app that used Google processes to gain account access.

The Russian hacking group Fancy Bear has been accused of using similar attack methods, but one security expert doubted their involvement.

“I don’t believe they are behind this… because this is way too widespread,” Jaime Blasco, chief scientist at security provider AlienVault, told PC World.

Google said the spam campaign affected “fewer than 0.1%” of Gmail users. That works out to about one million people affected.

Last year, an American man pleaded guilty to stealing celebrities’ nude pictures by using a phishing scam to hack their iCloud and Gmail accounts.

And in 2013, Google said it had detected thousands of phishing attacks targeting email accounts of Iranian users ahead of the country’s presidential election.

Article source: http://www.bbc.co.uk/news/business-39798022

UK’s best and worst cities for 4G mobile coverage revealed

Middlesbrough is the best city in the UK to get mobile 4G coverage while Bournemouth is the worst, says a report.

Consumer group Which? and analyst OpenSignal measured data from mobile phones across 20 cities in the UK.

They say “critical” reforms are needed to provide a better service for customers.

Ofcom said its rules meant “virtually all” UK premises would have to receive a 4G signal by the end of the year.

The OpenSignal study analysed more than 500m data readings from mobile phones taken from more than 30,000 users between December 1 2016 and February 28 via an app.

It ranked 20 of the biggest cities from top to bottom based on their 4G availability.

Top 5

  • Middlesbrough/Teesside – 82.7%
  • Sheffield – 79.3%
  • Sunderland – 79%
  • Leicester – 78.6%
  • Leeds/West Yorkshire – 78.2%

Bottom 5

  • Bournemouth/Poole – 67.5%
  • Southampton/Portsmouth – 69.6%
  • Cardiff – 71.8%
  • Nottingham – 73.3%
  • London – 73.6%

The report also looked at average 4G download speeds across the UK, finding Stoke-on-Trent to be the fastest city and Brighton the slowest.

Which? says big cities often suffer from sub-par mobile networks because it is more difficult to build towers and masts in built-up urban areas.

The findings will be of particular concern to businesses which see good mobile connectivity as vital to a competitive economy, says BBC technology correspondent Rory Cellan-Jones.

The research will also lend weight to the argument that it is far too early to focus on 5G when the operators still need to invest in the infrastructure needed to take 4G everywhere, he added.

‘Frustrating’

Which? is calling on the next government to work with Ofcom and mobile providers to ensure “critical reforms” are made to ensure a better performance and service for customers.

Alex Neill, Which? managing director of home products and services, said Ofcom needed to “keep the pressure” on mobile operators so every part of the country got a “decent service”.

“Our mobile phone is central to how we live our lives and that is why it is so frustrating when we can’t access emails or browse the internet on the go,” she added.

Ofcom said it agreed mobile coverage must improve and that it understood the “importance” of having a reliable mobile broadband where people live and work.

A spokeswoman said: “Ofcom rules mean that virtually all UK premises must receive a 4G signal by the end of this year.

“We’re also making available valuable new airwaves to boost mobile broadband, and have challenged mobile operators to explore how to reach all remote areas and transport lines.”

Article source: http://www.bbc.co.uk/news/uk-39782636

‘We sold our home to build a social network’

Image caption: Perry, Mollie, Sam and Lisa Hughes are determined to succeed in the social media market.

The Hughes family in Manchester have quit their jobs and put everything they own into building a social network aimed solely at sports fans. But can they take on the giants?

“We see ourselves sitting at the top table with the big boys,” says father Perry Hughes confidently.

“We don’t think we’re taking on the competition.”

It might sound optimistic to put your family business in the same league as the multi-billion dollar social networks but the Hughes family certainly have the passion to give it a go.

Their big idea is GameDay Xtra, which has the bold ambition of hosting a page for every single sports team and player in the world – with even the humblest of leagues able to share their own news.

Son Sam, 21, has suspended his university studies and works through the night on the project. Daughter Mollie, 18, handles the social media side.

GameDay is purely for sports fans, the family say.

Image caption: The family hope to include all sports.

Members get live news feeds of sporting events, form their own groups and networks, follow games play-by-play, and in future will also be able to play bespoke interactive games themselves within the site.

“Super fans” will also be able to run the team or player pages of their choice if the real deal doesn’t snap up their own page themselves.

The family say it currently has a few thousand members and will open for broader membership in August this year.

“We saw an opening in the market,” says Sam, who is also an eSports video game player.

“It’s good to work with family. We’re all hard working, committed to the project.”

Perry Hughes admits the family “panicked” when Facebook launched its Sports Stadium for sports fans in January 2016 but these days he does not consider them to be GameDay’s rivals.

In fact two Facebook execs have joined the closed trial, he claims.

“When we saw what they did [with Stadium] we laughed,” he says.

There are five planned “phases” for the platform, and the family are secretive about what those will be.

Phase two will only be unleashed once they have one million members because the licensing is going to be expensive, Mr Hughes says.

“Phase three will be: ‘what have they built!’” he teases.

Image caption: The website is still being tested.

Perhaps unsurprisingly, financing the idea has proved to be the biggest challenge.

“We went to a lot of investors. They said the scale of the project was too big,” said Mr Hughes.

“We sold the house, the cars, everything. We ran out of money twice.

“We all gave up our jobs and committed totally to this. At times it’s been lonely.

“When you put all your money into one project you are keeping an eye on everything.”

They have now secured significant funding from a Russian backer, whom they decline to identify.

The family are also coy about how they plan to make money from GameDay but hint that it will be similar to Facebook and Instagram’s business model.

“We will be carrying some ads – but we don’t want to end up with loads of videos and so on,” said Mr Hughes.

“This is not about ‘build it, sell it and move on’. We think we are going to change the way media is done.”

Image caption: Facebook’s Sports Stadium also targets sports fans.

Emma Sinclair MBE, tech entrepreneur and investor, said she admired their ambition but was “unconvinced” that the platform could live up to the family’s expectations.

“Sports fans are already likely using one or more of Facebook, Twitter, Instagram and Snapchat. That’s in addition to text, WhatsApp, email. And they will no doubt have their favourite sports hubs too relating to teams they support and commentators they follow,” she said.

“There’s a lot of competition and noise out there and for a start-up on a small budget, competing with giants and established players for attention is an expensive and ambitious job.

“As an angel investor and with the little information I have to hand, I am currently unconvinced that this site has the capacity to disrupt the market and come out on top as a key hub for sports fans as things stand.

“This being a site in beta however, I hope they prove me wrong and I wish them luck.”

Article source: http://www.bbc.co.uk/news/technology-39744294

Apple sees surprise fall in iPhone sales

Apple sold fewer iPhones than a year ago in the first three months of 2017, the company said in its latest results.

The California firm, which is due to release a new phone later this year, said it sold 50.8 million iPhones in the period, down 1% year-on-year.

Apple boss Tim Cook blamed a “pause” as customers wait for the next iPhone.

Shares in the firm fell nearly 2% in after-hours trading after earlier hitting a record high on expectations of better results.

Apple reported a 4.6% rise in revenue across the whole company to $52.9bn (£41bn), slightly below analysts’ forecasts.

The dip in iPhone sales was offset by services, including Apple Pay, iCloud and the App store, which recorded an 18% increase in sales to $7bn.

Mr Cook also pointed to growth in sales of Apple Watch, as well as its AirPods and Beats earphones.

Despite falling unit sales, revenue from iPhones still climbed 1% to $33.2bn due to “robust” sales of its bigger, more expensive iPhone 7 Plus.


Analysis: Expectations high for 10th anniversary iPhone

By Dave Lee, BBC North America technology reporter

This is always the least impressive time of year for Apple’s earnings, coming as it does after the Christmas period.

But worse-than-expected iPhone sales had investors slightly unhappy after anticipation of strong earnings sent shares to record highs earlier on Tuesday.

Tim Cook told investors he was also pleased with the continued growth of its Services division – that’s things like Apple Music, Apple TV, iTunes and so on – but the health of Apple is only realistically measured with the success of that all-conquering smartphone.

Which is why the rest of the year will be exciting to watch.

With the iPhone’s 10th anniversary upon us, expectations are high for the next device.

Anything short of a major improvement would be troubling for investors who are banking on the next iPhone being a blockbuster, not an incremental upgrade.


Analysts at GlobalData Retail noted that Apple’s revenue from iPhones was $7bn less than the same period two years ago.

“We highlight these facts not to be unduly harsh to Apple, but to indicate that the company has only partially emerged from the slump that hit it over the last fiscal year,” Neil Saunders, managing director of GlobalData Retail, wrote in a note.

“In our view, the company’s mature product line up and an absence of any significant new devices mean it has struggled to regain all of the lost ground,” he added.

China, which was partly to blame for the slowdown last year, was again difficult for Apple. Revenue from China dropped 14%, although Mr Cook partly blamed currency fluctuations for the fall.

Apple said quarterly profits were $11bn worldwide, up 4.9% from the same period in 2016.

The firm also announced it would return an extra $50bn to shareholders.

Article source: http://www.bbc.co.uk/news/business-39786961

Hacker steals and shares unreleased TV shows

Image caption: The fifth season of Orange is the New Black was due to air on 9 June

A malicious hacker has reportedly released 10 episodes of the new series of TV show ‘Orange is the New Black’.

The episodes are believed to have been uploaded to file-sharing sites across the net after US media firm Netflix refused to pay a ransom.

The shows were due to be released officially from 9 June onwards.

The hacker who stole the episodes said they had also managed to steal series from other broadcasters including ABC, Fox and National Geographic.

High impact

Netflix told Entertainment Weekly that it was “aware of the situation” and added: “A production vendor used by several major TV studios had its security compromised and the appropriate law enforcement authorities are involved.”

The FBI is also believed to be looking into the theft, which is believed to have taken place in late 2016.

The hacker behind the theft uses the alias The Dark Overlord and before now has largely targeted hospitals and other healthcare institutions.

On 29 April, the hacker wrote a message on the Pastebin website which scolded Netflix for not paying the ransom.

It is not clear how much money the hacker wanted for keeping the stolen TV shows offline.

Computer security news site Databreaches.net said it had been given evidence by the hacker that they also got away with 37 other shows and films.

Stolen shows include XXX: Return of Xander Cage, It’s Always Sunny in Philadelphia and Season 1 of Bill Nye Saves the World.

Economics professor Brett Danaher from Chapman University in the US told the Washington Post that the impact of the theft may spark attacks from other hackers and groups keen to cash in.

“There is some evidence that pre-release piracy is the most damaging piracy to studios,” he said.

Article source: http://www.bbc.co.uk/news/technology-39769428

Turkish authorities block Wikipedia without giving reason

Image caption: Turkish people awoke to find all access to Wikipedia had been blocked

Turkey has blocked all access inside the country to the online encyclopaedia Wikipedia.

Officials said “an administrative measure” had been taken, but gave no reason why.

Turkish media said authorities had asked Wikipedia to remove content by writers “supporting terror”.

Turkey has temporarily blocked social media sites including Facebook and Twitter in the past, usually following protests or terror attacks.

The Turkey Blocks monitoring group said Wikipedia was unreachable from 08:00 (05:00 GMT). People in Istanbul were unable to access any pages without using a Virtual Private Network (VPN).

“After technical analysis and legal consideration based on the Law Nr. 5651 [governing the internet], an administrative measure has been taken for this website,” Turkey’s Information and Communication Technologies Authority was quoted as saying, giving no further details.

However, the Hurriyet daily newspaper said Wikipedia had been asked to remove content by certain writers whom the authorities accuse of “supporting terror” and of linking Turkey to terror groups. The site had not responded to the demands, Hurriyet said, and the ban was imposed as a result.

Turkey Blocks and Turkish media, including Hurriyet, said the provisional order would need to be backed by a full court ruling in the next few days.


Another day, another outage – by Mark Lowen, BBC Turkey Correspondent

It’s become all too familiar here: the endless “loading” icon followed by the message “server timed out”.

Blocking websites is a common tool of the Turkish authorities: Twitter, Facebook and YouTube have suffered the same fate several times, and numerous anti-government sites are inaccessible.

Critics say it smacks of Turkey’s repression of free speech: over half of all requests to Twitter to remove content have come from Turkey, and the country now ranks 155 of 180 in the press freedom index of the watchdog Reporters without Borders.


Social media was in uproar as news of the ban emerged, with some users speculating that it might be a bid to suppress criticism on President Recep Tayyip Erdogan’s Wikipedia page.

Mr Erdogan narrowly won a controversial 16 April referendum on increasing his powers, but the issue has deeply divided the country.

One Twitter user noted that the Wikipedia page on Turkey’s referendum has a section on “controversies and electoral misconduct”, and cites claims that the government suppressed the No campaign through “arrests, control of the media and political suppression”.

The Turkish government has previously denied censoring the internet, blaming outages on spikes in usage after major events.

Wikipedia has also faced censorship in other countries, including a temporary ban in Russia, and repeated crackdowns in China.

Article source: http://www.bbc.co.uk/news/world-europe-39754909